Active Defense: Proactive Threat Intelligence with Honeypots

As cyber adversaries increase the sophistication and persistence of their attacks, older methods that treat all threats the same become increasingly inadequate. One method for gaining better context around these threats is the use of “honeypots.”

A honeypot is a security resource deliberately designed to be probed, attacked and compromised, for the purpose of gathering intelligence about an attacker. By tricking our adversaries into believing that they have gained access to our systems, we can watch their activities and learn where they connect from, what malware they upload to systems and other crucial information.

Furthermore, when honeypots are integrated with other threat intelligence and automation tools, we can leverage this data not only to provide context around the threat but also to initiate an immediate response to block the attacker and share the data across our organizations or with others.

In an upcoming webcast, security engineer Ioannis Koniaris will discuss with us how various open source honeypot tools work and how they can be used to gather threat intelligence data. Koniaris is the developer of HoneyDrive, a popular Linux distribution that comes with several honeypot applications pre-installed. Tripwire security researcher Ken Westin will present how to make use of the honeypot data collected to provide richer analytics and enhance your defenses.